I have implemented an encryption option for downloaded PDFs in a client branch. This feature could be useful if adjusted for trunk. The clients implementation is in an Alfresco enviornment, which, if enabled, password protects any PDF download through content/content calls as well as the export folder and download as zip action executers. There is also a PDF_Encryption branch which contains a custom content interceptor for encrypting Alfresco share downloads.
For reference, the PDFUtil methods to be used for encryption are included in OC revision: 20315
Enhancements to be considered for trunk:
Instead of configuring the encryption details using beans and property files, create an OCMS admin tab, as well as a new config for controlling the enabling/disabling of encryption, as well as setting the unlock password. This would also open the possibility for user specific encryption options controlled by an admin group.
One way to implement the encryption process would be to create an overriding method for enhancedGetObject() in each content impl that includes an additional object that would contain the encryption details, which would be referenced when handling input streams and determining if the stream should be encrypted.
Things to note:
Encryption must be done AFTER overlays are applied
The encryption process must cooperate with any OpenAnnotate modifications to PDFs/renditions
Based on the current implementation in the client branch, encryption must implemented in each REST call/action that could result in a downloaded PDF/per client request.
I have implemented an encryption option for downloaded PDFs in a client branch. This feature could be useful if adjusted for trunk. The clients implementation is in an Alfresco enviornment, which, if enabled, password protects any PDF download through content/content calls as well as the export folder and download as zip action executers. There is also a PDF_Encryption branch which contains a custom content interceptor for encrypting Alfresco share downloads.
For reference, the PDFUtil methods to be used for encryption are included in OC revision: 20315
Enhancements to be considered for trunk:
Instead of configuring the encryption details using beans and property files, create an OCMS admin tab, as well as a new config for controlling the enabling/disabling of encryption, as well as setting the unlock password. This would also open the possibility for user specific encryption options controlled by an admin group.
One way to implement the encryption process would be to create an overriding method for enhancedGetObject() in each content impl that includes an additional object that would contain the encryption details, which would be referenced when handling input streams and determining if the stream should be encrypted.
Things to note:
Encryption must be done AFTER overlays are applied
The encryption process must cooperate with any OpenAnnotate modifications to PDFs/renditions
Based on the current implementation in the client branch, encryption must implemented in each REST call/action that could result in a downloaded PDF/per client request.